Description
In OpenClaw versions prior to 2026.2.19, tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to perform unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command execution access can use the sort -o flag for arbitrary file writes or the grep -R flag for recursive file reads, circumventing the intended stdin-only restrictions.
Published: 2026-03-19
Score: 2 Low
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary file read/write via sort and grep flags
Action: Patch
AI Analysis

Impact

In OpenClaw versions prior to 2026.2.19, the tools.exec.safeBins component contains an input validation bypass. The bypass allows attackers who already have command execution privileges to use the sort -o flag to write arbitrary files or the grep -R flag to read files recursively, thereby escaping the intended stdin-only restriction. This weakness is a form of OS command injection (CWE-78) that can lead to unintended filesystem modifications or data exfiltration.

Affected Systems

The vulnerability affects all OpenClaw products deployed before version 2026.2.19, as identified by the vendor database. The affected software runs on Node.js environments and is enumerated as cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*. Any installations in this configuration are vulnerable unless updated to 2026.2.19 or later.

Risk and Exploitability

The CVSS score of 2.0 indicates low severity; the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires that the attacker already have command execution capability on the target system. Therefore the threat is limited to scenarios where command execution is possible, and no public exploitation or widespread active attacks are reported. The risk is considered low for systems that are already securely configured, but unpatched systems that have exposed command execution paths remain vulnerable.

Generated by OpenCVE AI on March 19, 2026 at 02:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official OpenClaw patch v2026.2.19 or later to remediate the input validation bypass.
  • If a patch cannot be applied immediately, restrict the execution of the sort and grep utilities or remove the insecure flags from the safeBins configuration until an update is available.
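As an added illustration of the second action (example code, not OpenClaw's own implementation or the vendor's fix), the following Node.js validator enforces a stdin-only policy for allow-listed binaries: every option must be explicitly permitted, so file-naming flags such as sort -o and grep -R are refused, and any positional operand is rejected because it could name a file. The policy table, its shape and the function name are assumptions; the option names listed are standard GNU sort and grep options.

```javascript
// Added example, not OpenClaw's code: allow-list validation of argv for
// "safe" binaries that must only read stdin and write stdout.
// Policy shape (assumed): option -> number of following argv entries it consumes.
// grep patterns must be given with -e so every positional argument is treated as a file.
const STDIN_ONLY_POLICY = {
  sort: { '-u': 0, '--unique': 0, '-r': 0, '--reverse': 0, '-n': 0, '--numeric-sort': 0,
          '-k': 1, '--key': 1, '-t': 1, '--field-separator': 1 },
  // Note: '-r' is harmless for sort (reverse) but recursive for grep, so policy is per-bin.
  grep: { '-i': 0, '-v': 0, '-c': 0, '-n': 0, '-E': 0, '-F': 0, '-e': 1, '--regexp': 1 },
};

function validateSafeBinArgs(bin, args, policy = STDIN_ONLY_POLICY) {
  const allowed = policy[bin];
  if (!allowed) return { ok: false, reason: `${bin} is not an allow-listed binary` };
  let i = 0;
  while (i < args.length) {
    const arg = args[i++];
    // Positional operands ('-', anything after '--', or a bare word) could name files.
    if (arg === '--' || arg === '-' || !arg.startsWith('-')) {
      return { ok: false, reason: `positional operand '${arg}' rejected (stdin only)` };
    }
    let names = [], inlineValue = null;
    if (arg.startsWith('--')) {
      // Long option, possibly in --name=value form.
      const eq = arg.indexOf('=');
      names.push(eq === -1 ? arg : arg.slice(0, eq));
      if (eq !== -1) inlineValue = arg.slice(eq + 1);
    } else {
      // Bundled short options: '-uo' -> ['-u', '-o']. A permitted letter that takes
      // a value (e.g. '-k2') swallows the rest of the bundle as its inline value.
      for (let j = 1; j < arg.length; j++) {
        const name = '-' + arg[j];
        names.push(name);
        if (allowed[name] === 1 && j + 1 < arg.length) { inlineValue = arg.slice(j + 1); break; }
      }
    }
    // Anything not explicitly permitted (sort -o, grep -R, --output=..., ...) is refused.
    for (const name of names) {
      if (!(name in allowed)) return { ok: false, reason: `option '${name}' not permitted for ${bin}` };
    }
    const last = names[names.length - 1];
    if (allowed[last] === 0 && inlineValue !== null) return { ok: false, reason: `option '${last}' takes no value` };
    if (allowed[last] === 1 && inlineValue === null) {
      if (i >= args.length) return { ok: false, reason: `option '${last}' is missing its value` };
      i++; // consume the option value; it is never treated as a file operand
    }
  }
  return { ok: true };
}
```

Because the check is an allowlist rather than a denylist, adding a new safe bin means enumerating its harmless options; any flag the policy author forgot is rejected rather than silently passed through.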


Advisories

Source: GitHub GHSA
ID: GHSA-4685-c5cp-vp95
Title: OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags
History

Wed, 25 Mar 2026 15:00:00 +0000

Metrics cvssV3_1
  Removed: {'score': 3.6, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N'}
  Added:   {'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

Thu, 19 Mar 2026 17:15:00 +0000

Metrics ssvc
  Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 01:30:00 +0000

Description
  Added: OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command execution access can leverage sort -o flag for arbitrary file writes or grep -R flag for recursive file reads, circumventing intended stdin-only restrictions.
Title
  Added: OpenClaw < 2026.2.19 - safeBins stdin-only bypass via sort output and recursive grep flags
First Time appeared
  Added: Openclaw; Openclaw openclaw
Weaknesses
  Added: CWE-78
CPEs
  Added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products
  Added: Openclaw; Openclaw openclaw
References
Metrics cvssV3_1
  Added: {'score': 3.6, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N'}
Metrics cvssV4_0
  Added: {'score': 2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-25T14:31:31.844Z

Reserved: 2026-03-10T19:48:11.111Z

Link: CVE-2026-31996

Vulnrichment

Updated: 2026-03-19T17:02:01.728Z

NVD

Status : Modified

Published: 2026-03-19T02:16:04.917

Modified: 2026-03-25T15:16:43.037

Link: CVE-2026-31996

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T11:55:35Z

Weaknesses